Data access in a telephone system

Field of the invention

This invention relates to an improvement of the data security of data access in a telephone system. Quite especially, the invention relates to an improvement of the data security of direct data accesses connected to mobile communications systems.

Background of the invention

As the data transmission capacity of telephone systems is increasing, as the services provided by data networks are improving and as the use of data networks, such as the Internet, is becoming more general, the need for connecting the telephone system directly to data networks has grown. To meet this demand, Direct Data Accesses DDA have been developed, wherein the exchange of the telephone network is connected directly to the data networks.

Figure 1 shows such an arrangement by way of example, wherein there is a direct data access from a Mobile Switching Centre MSC to an Asynchronous Transfer Mode or ATM network, to a Public Switched Packet Data Network PSPDN, to a Private Network PN, to a Local Area Network LAN and to a data network in accordance with the X.25 protocol. Through the exchange, data services may be used by mobile stations directly subordinated to the exchange, such as Mobile Stations MSa, by mobile stations MSb subordinated to other mobile services switching centres, such as MSC2, which are connected to the exchange through the network, and by subscriber equipment, such as Fixed telephone network Subscribers FS, of other systems which are connected to the exchange through an Integrated Services Digital Network ISDN.

MSC is connected to an ATM network with an IWF matching unit. The matching unit collects data transmitted by the subscriber in the form of a circuit switched data signal and from this it forms packets or cells of a fixed length suitable for transmission to the ATM network. The circuit switched data signal may be e.g. in accordance with the CCITT V.24/V.28, CCITT V.110 or CCITT V.120 standards (CCITT = Comité Consultatif International Télégraphique et Téléphonique). Correspondingly, the matching unit sends information contained in the cells which it receives from the ATM network and which is to be sent to the user and transmits it to the user in a circuit switched form. To make possible several connections in parallel, several matching units in parallel may be used.

The exchange is connected to the public switched packet data network by a Packet Handler PH, which converts the circuit switched data signal into a data packet flow in accordance with a protocol, such as the Transport Control Protocol/Internet Protocol TCP/IP, which is used in the public data network. The packet handler functions as the access point to the data network in relation to the telephone system. Several packet handlers may be connected to the exchange, whereby several simultaneous connections may be set up with the data network.

To a private network PN, such as the in-house network of a company, the exchange is connected by an IWF (InterWorking Function) matching unit, which converts the circuit switched data signal in accordance with the protocol used in the private network. The matching unit is connected to the private data network by a fixedly allocated subscriber line, which functions as the access point to the data network. Several matching units may be connected to the exchange, whereby several simultaneous connections may be set up with the data network.

The exchange is connected to a LAN local area network by an IWF matching unit and by a LAN ROUTER connected to the former. The exchange may be connected to the router with several subscriber lines, whereby several simultaneous connections can be set up with the LAN network. The router functions as both access point to the data network and a concentrator collecting in a buffer the data packets received in parallel from the different subscriber lines and supplying them to the data network in series form.

In a fifth connection method, the packet network, which in the figure is a data network in accordance with the X.25 protocol, is connected to the exchange with the aid of an IWF matching unit and a Packet Assembler/Disassembler PAD. The matching unit sends to the packet assembler/disassembler functioning as the access point to the data network a circuit switched data signal, which may be e.g. in accordance with the CCITT V.24/V.28 or CCITT V.110 standards. Of the circuit switched signals the packet assembler/disassembler forms packets, buffers the packets and supplies them to the data network in series form.



WO 99/20031 PCT/FI98/00795

Furthermore, the mobile switching centre may be connected to a PDN packet data network with the aid of an IWF matching unit and an Access Router AR. The AR is connected to a (Pulse Code Modulation) PCM matching unit by a conductor on which a protocol in accordance with the CCITT V.110 or CCITT V.120 standard is used. The access router converts the circuit switched data signal going to the packet network so that it is in accordance with the packet data protocol used in the packet network, and sends it to the packet data network. The packet switched data which it receives from the packet data network the access router converts into a circuit switched data signal to be sent to the exchange. The exchange is connected to the access router by exchange signalling, such as e.g. signalling in accordance with the 30B+D standard, the DPNSS (Digital Private Network Signalling System) or the QSIG international signalling standard for corporate networks. Differing from the other data accesses shown in Figure 1, the mobile switching centre may set up signalling connections with the access router outside the traffic channel.

Data security is one of the major problems with data accesses. Since data networks very often contain information which must be kept secret from outsiders, access of outsiders to the network must be prevented. In connection with chargeable data services, the network operator, to be able to charge, needs the identity of the user using the network services. Also in this case, it must be possible to prevent any user assuming a false identity from gaining access to the network services. However, in the system shown in Figure 1, anyone who learns the call number of a data network service will gain access to the network and thus to the use of the services of the network.

Figure 2 shows a state-of-the-art arrangement in a mobile communications system for preventing switching-on under a false identity to a HOST server located in a data network. Mobile station MS requests connection set-up of that mobile switching centre MSC2 under which it is located at the moment. On receiving the request for a connection set-up, the MSC2 authenticates the mobile station (step P1) to make sure that the mobile station has given a true subscriber identity. Having ensured the identity of the mobile station, the MSC2 sets up a connection with that exchange MSC1, which by way of the PAD packet assembler/disassembler is directly in connection with the data network. MSC1 switches on to the packet assembler/disassembler, which sends back to the subscriber a request to perform an authentication procedure based on the use of a password (step P2). In response to the request, the subscriber supplies his user identification and his password. The packet assembler/disassembler checks if the password given by the user is the same as the password stored in its own user database. If this is the case, the subscriber is given access to the data network. Otherwise access is barred.

Inside the data network, the network elements trust one another (step P3). Hereby all subscribers who have been given access to the network have access to all servers of the network, unless these are separately protected, e.g. by authentication procedures based on the use of a password. After the authentication, the packet assembler/disassembler located in the exchange begins to convert the circuit switched data flow received from the mobile station into packet form and to send it in packet switched form through the data network and further to the HOST server. Correspondingly, the packet assembler/disassembler receives from the HOST server in the data network packet switched data, which is converted by the packet assembler/disassembler into circuit switched form and which is sent on the circuit switched connection to the MS mobile station.

Figure 3 shows another state-of-the-art arrangement in a mobile communications system for preventing switching-on under a false identity to a HOST server located in a data network. The connection set-up from the mobile station to the MSC1 exchange, which is connected directly with the data network through a PAD packet assembler/disassembler, is set up exactly in the same manner as in the example shown in Figure 2. However, the packet assembler/disassembler does not authenticate the subscriber, but it sends in packet form a request for connection set-up to the HOST server. Hereby anybody who knows the call number of the PAD packet assembler/disassembler may set up a connection with the HOST server. To prevent unauthorised use of the server, authentication procedures are used, wherein the user sends his user ID and his password to the server in the data network. The server checks if the password given by the user tallies with the password stored in the server's user database. If it does, the subscriber is given access to the server. If it does not, access is barred.

However, there are some problems with state-of-the-art authentication methods. Firstly, the data network must include means for performing the authentication procedure and for maintaining the password database required by the procedure. However, these are not available in all data networks and at their access points, e.g. in the packet assemblers/disassemblers, whereby anybody has access to use the services of the data network by dialling the call number of the packet assembler/disassembler. Nor is it often sensible to implement the password authentication in a server-specific manner, since the number of password databases which must hereby be maintained will often become too high. In addition, the user when setting up the connection must remember his user ID and the corresponding password, the number of which may be considerable with a user using many different systems.

It is an objective of this invention to solve the problems described above. The objective is achieved with the method described in the independent claims.

Brief description of the invention

The inventive idea is to define a closed user group formed by the access point to the data network and by the users of a service. Incoming calls coming from outside the user group to the access point of the data network are barred. Calls inside the user group coming to the access point are given access. Hereby the telephone system in itself prevents users outside the data service's user group from gaining access to the network.

The user of the data service when taking contact with the data network states the user group formed by users of the data service as the user group of the call to be set up. This information can be established in the user's subscriber data as the default user group of the basic service in question, whereby the information need not be given manually when the call is set up. The telephone system when setting up the call checks whether the user belongs to the user group mentioned in the call set-up data and whether he is otherwise entitled to the call. If the user is entitled to the call, set-up of the call is continued to that exchange from which there is a direct connection with the data network.

The exchange which has a direct connection with the data network checks if the access point to the data network allows set-up of the call. Set-up of the call is allowed only if the access point belongs to the user group given by the user requesting set-up of the connection.
The telephone system is preferably a mobile communications system, whereby the identity of the user requesting set-up of the connection can be verified through known authentication procedures of the mobile communications system.

List of figures

The invention will be described more closely referring to the appended drawings, wherein

Figure 1 shows an arrangement for connecting subscriber equipment to a data network;
Figure 2 shows an example of authentication of a data service user;
Figure 3 shows another example of authentication of a data service user;
Figure 4 shows set-up of an outgoing call;
Figure 5 shows a user's service record;
Figure 6 shows set-up of an incoming call;
Figure 7 shows a user's service record;
Figure 8 shows a check made when setting up a finishing call of a closed user group; and
Figure 9 shows an authentication process.

Detailed description of the invention

It is known in telecommunication systems to define closed user groups CUG, e.g. defined by the staff of a company or by a certain circle of friends. The services of a user group may be different as regards the services and e.g. cheaper than normal calls.

Use of a closed user group in a telecommunication system is described in the GSM 02.85 specification published by the ETSI (ETSI = European Telecommunications Standards Institute). According to the specification, such different subscriber options may be defined for a subscriber belonging to a closed user group, which indicate what kinds of call the subscriber may receive or make. These subscriber options are

1. CUG calls only; the subscriber may set up calls only with subscribers of his own CUG group;

2. Access for CUG and incoming calls; the subscriber may set up calls with subscribers of his own CUG group and may also receive incoming calls coming from outside his own CUG group (IA, Incoming Access);

3. Access for CUG and outgoing calls; the subscriber may set up calls with subscribers of his own CUG group and he may also make outgoing calls going outside his own CUG group (OA, Outgoing Access); and

4. Access for CUG and outgoing and incoming calls; the subscriber may set up calls with subscribers of his own CUG group and he may also make outgoing calls going outside his own CUG group and receive incoming calls coming from outside his own CUG user group (IA + OA).

In addition, restrictions inside the user group may be defined for the subscriber,

1. ICB, Incoming Calls Barred within a CUG; and

2. OCB, Outgoing Calls Barred within a CUG.

A subscriber may belong to several closed CUG user groups at the same time, some of which may be chosen as the default group, which is used in the set-up of outgoing calls, unless otherwise mentioned separately for the individual call.

According to the present invention, such a user group is defined in a telephone system which includes the data network's access point and users of the data network. The access point can also be defined as belonging to several smaller user groups, whereby the users of the data network are in some way divided into these groups. This grouping may be used to advantage e.g. in keeping statistics on and in charging of calls.

Figure 4 shows the progress of a set-up of a call in accordance with the invention which is going out from a subscriber. After the mobile station has made a CHANNEL REQUEST for set-up of a connection, the mobile switching centre MSC2 checks the mobile subscriber's identity through an authentication procedure AUTHENTICATION. If the identity is proved false, set-up of the call is broken off. If the identity given by the mobile station proves to be true, set-up of the call is started with the information given by the mobile station, which is the BCIE (Bearer Capability Information Element) and the CUG INDEX user group data. If the user does not separately and manually define any user group data for use in connection with the call set-up, that default data will be used in the call set-up which he has established in advance.
When setting up a data call in a packet data network, the subscriber uses a BA6 basic service, which is the PAD service to use when switching on to packet data networks at a transmission rate of 9600 bits a second. If the user group of the data network's access point is the user group defined by the subscriber as default value when using this basic service, the subscriber need not give it separately in the call set-up. However, the use of a default value user group must not be prevented in the individual call. If the user's default value user group is different from the user group of the data network's access point, the subscriber when setting up the data call must separately input the CUG INDEX of the true user group.

Next, the exchange checks (CUG-CHECK(O)) whether the mobile station has the right to a set-up of the CUG call he has requested. This is done with the aid of the BCIE service identifier received from the subscriber, with the CUG INDEX of the user group data, with subscriber data stored in the visitor location register VLR and with a special authorisation function.

Figure 5 shows storing of data relating to closed user groups in the home location register HLR of a subscriber entitled to access to a data network. The data stored in the subscriber's visitor location register VLR is a copy of the data shown in the figure. The IMSI (International Mobile Subscriber Identity) is the key to the record. A list of the call services to which the subscriber has a right is appended to the subscriber identity. The services are distinguished from each other by using BSGC (Basic Service Group Code) codes. With the services are combined CUG INDEX LIST data of the user groups available to the subscriber, DEFAULT CUG INDEX of the closed user group to be used primarily in the call set-up, data on OA outgoing access for calls going outside the group and data on incoming access for calls coming from outside the group.

In the example shown in Figure 5, in connection with a T11 call service the subscriber is defined to belong to user groups, the CUG INDEX of which is 1, 3 or 4. Of these that user group is defined to be used primarily, the CUG INDEX of which = 1. There is access both for calls going outside the group and for calls coming from outside the group (OA = T, IA = T). Correspondingly, in connection with fax service T62 of group 3, the subscriber belongs to groups, the CUG INDEX of which are 1, 3 and 4, while that user group is used primarily, the CUG INDEX of which = 1. There is access both for calls going outside the group and for calls coming from outside the group (OA = T, IA = T). When switching on to packet data networks at a transmission rate of 9600 bits a second in connection with a BA6 PAD service, the user belongs to that user group only, the CUG INDEX of which = 2. Outgoing calls going outside the group are barred (OA = F, False), but there is access for incoming calls from outside the group (IA = T, True).

In addition to service data and primary CUG groups relating to services, the visitor location register stores a description of the CUG IC network-specific group attributes for use between the subscriber-specific CUG INDEX group attributes and the exchanges. ICB and OCB call restrictions within the user group are also defined on a user group basis. In the example shown in the figure, the subscriber's user group CUG INDEX 1 corresponds to the CUG IC 101 network-specific identifier, while CUG INDEX 2 corresponds to CUG IC 12, CUG INDEX 3 corresponds to CUG IC 1 and CUG INDEX 4 corresponds to CUG IC 14. In the example shown in the figure, the subscriber may both receive and set up calls within the group in all user groups.

The mobile switching centre uses a SEND_INFO_O/G_CALL message (Figure 4) to ask the visitor location register VLR if the subscriber has the right to the call set-up he has requested. If he does not, the connection set-up is barred. Having made sure that the mobile station is entitled to set-up of the call it requested, MSC2 sets up a connection through NW (Network) with that exchange MSC1 which is in direct connection with the data network by way of the access point in the example, that is, through the packet assembler/disassembler PAD. MSC2 provides the exchange MSC1 with the user group data defined by the user. For this to be possible, the signalling between exchanges must support transmission of CUG data. Such signalling is e.g. the international ISUP (ISDN User Part) and the national TUP93 (Telephone User Part 93) which is used in Finland and the IUP (Interconnect User Part) which is used in England. In this part the user group is identified using a CUG IC identifier which unambiguously defines the user group within the network. Having sent the request for a connection set-up, the MSC2 remains waiting for ANSWER from MSC1. If the mobile subscriber's current exchange MSC2 itself has a direct connection with the data network, the connection set-up between exchanges through the network will of course not take place.
Figure 6 shows set-up of a finishing call. Having received the SETUP(CUG IC, OA) request for a connection set-up from the NW network, MSC1 checks (CUG-CHECK(T)) if the requested call can be set up. The user group data defined by the calling subscriber and received in the request for a connection set-up, as well as the user group data defined by the recipient of the call, that is, for the PAD access point of the data network, is used in the check. If it is found in the check that the call may be set up, a connection with the data network is set up by way of the PAD packet assembler/disassembler. In addition, an ANSWER message is used to give a notification of the connection set up to the exchange which made the request for a connection set-up.

Figure 7 shows a record for use in the storing of the user group data defined for the data network's access point. The record is preferably maintained in that MSC1 exchange which has a direct connection with the access point. The call number of the access point, that is, the ISDN number (ISDN = Integrated Services Digital Network), functions as a key to the record. A list is appended to the call number of the basic services to which the connection is entitled. Services are distinguished from each other with the aid of BSGC (Basic Service Group Code) service codes. Combined with the services are CUG INDEX LIST data about the user groups available to the connection, DEFAULT CUG INDEX about the closed user groups to be used primarily in the call set-up, data on OA access for outgoing calls going outside the group and data on access for incoming calls coming from outside the group.

In the example shown in the figure, only one basic service is defined for the connection, that is, the BA6 PAD service for use at a transmission rate of 9600 bits a second. The connection belongs to one user group only, the CUG INDEX of which = 1. In accordance with the invention, incoming calls from outside the group are barred (IA = F). Besides this, outgoing calls going outside the group are also barred (OA = F) in the example shown in the figure.

In addition, the database of the exchange stores a description of the CUG IC network-specific group attributes for use between the CUG INDEX subscriber-specific group attributes and the exchanges. The ICB and OCB call restrictions within the group are also defined on a user group basis. In the example shown in the figure, the subscriber's user group CUG INDEX 1 corresponds to the CUG IC 12 network-specific identifier. The connection may both receive and set up calls within the group in all user groups (ICB = F, OCB = F).

Figure 8 shows a CUG-CHECK(T) user group check to be made in the MSC1 exchange. The check is started after the MSC1 exchange has received the SETUP(CUG IC, OA) request for a call set-up containing user group data (step N01). The exchange first checks whether MSB belongs to the CUG user group defined by subscriber A by comparing subscriber B's IC(B) group identifiers with the IC(A) group data given by subscriber A (step N02). If it is found that subscriber B belongs to the defined user group (IC(A) ∈ {IC(B)} is true), the function proceeds to step N03, where it is checked if MSB has barred incoming calls within the group (ICB). If calls within the group are allowed (ICB(B) is false), the call set-up is continued as a CUG call (step N04). A check is also made of possible call forwarding, although such is not made in practice at the data network's access point, which is why it is of no significance to the invention.

If it is found in step N02 that subscriber B does not belong to the user group defined by subscriber A (IC(A) ∉ {IC(B)}), or if it is found in step N03 that subscriber B has barred calls within the group, progress is made to steps N11 and N12, where it is checked if the call can be set up as a normal call. A check is made in step N11 of whether subscriber A has allowed the call to go outside the group (OA(A)) and in step N12 it is checked whether subscriber B has allowed incoming calls coming from outside the group (IA(B)). If both conditions are fulfilled, the call is continued as a normal call (step N13). If even one condition of steps N11 and N12 is not fulfilled, the call is rejected (step N20).

Since according to the invention calls from outside the group are barred at the data network's access point, condition N12 is not fulfilled with calls ending at the access point. Under these circumstances, a connection will be set up only if the access point belongs to a closed user group defined by the user (condition N02). Since no barring of incoming calls within the closed user group is defined at the access point, the call will always be set up if the access point belongs to the closed user group defined by the user.

Having found that there is access for the call, MSC1 switches on to the packet assembler/disassembler and the subscriber is given access to the data network.
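The two checks of Figures 4 and 8, applied to records laid out like those of Figures 5 and 7, as an added Python example (not code from the patent): CUG-CHECK(O) resolves the subscriber's CUG INDEX to a network-wide CUG IC in the originating exchange, and CUG-CHECK(T) decides at the terminating exchange whether the call to the PAD access point proceeds as a CUG call, a normal call, or is rejected. The record classes, function names and the IMSI/ISDN placeholder keys are assumptions for illustration; the group values are those quoted in the text.

```python
from dataclasses import dataclass


@dataclass
class ServiceEntry:
    """One basic-service row (BSGC) of a Figure 5 / Figure 7 record."""
    cug_index_list: frozenset   # CUG INDEX LIST
    default_cug_index: int      # DEFAULT CUG INDEX
    oa: bool                    # outgoing access: calls going outside the group
    ia: bool                    # incoming access: calls coming from outside the group


@dataclass
class CugRecord:
    """Subscriber record keyed by IMSI (Figure 5) or access-point record keyed by
    ISDN number (Figure 7).  OCB is stored like ICB but plays no part in CUG-CHECK(T)."""
    key: str
    services: dict              # BSGC -> ServiceEntry
    index_to_ic: dict           # subscriber-specific CUG INDEX -> network-wide CUG IC
    icb: bool = False           # Incoming Calls Barred within the CUG
    ocb: bool = False           # Outgoing Calls Barred within the CUG


def cug_check_o(subscriber, bsgc, cug_index=None):
    """CUG-CHECK(O) in the originating exchange MSC2 (Figure 4).

    Resolves the CUG INDEX given for the call (the default one when none is given)
    to the CUG IC carried in SETUP(CUG IC, OA).  Returns (cug_ic, oa), or None
    when the subscriber is not entitled to the requested CUG call."""
    svc = subscriber.services.get(bsgc)
    if svc is None:
        return None                                  # no right to this basic service
    idx = svc.default_cug_index if cug_index is None else cug_index
    if idx not in svc.cug_index_list:
        return None                                  # not a member of that group
    return subscriber.index_to_ic[idx], svc.oa


def cug_check_t(setup_ic, setup_oa, callee, bsgc):
    """CUG-CHECK(T) in the terminating exchange MSC1 (Figure 8, steps N01-N20)."""
    svc = callee.services.get(bsgc)
    if svc is None:
        return "REJECT"
    callee_ics = {callee.index_to_ic[i] for i in svc.cug_index_list}   # {IC(B)}
    if setup_ic in callee_ics:              # step N02: IC(A) in {IC(B)}
        if not callee.icb:                  # step N03: ICB(B) is false
            return "CUG_CALL"               # step N04
    if setup_oa and svc.ia:                 # step N11: OA(A); step N12: IA(B)
        return "NORMAL_CALL"                # step N13
    return "REJECT"                         # step N20


def set_up_data_call(subscriber, access_point, bsgc, cug_index=None):
    """Both checks chained for one data call towards the PAD access point."""
    resolved = cug_check_o(subscriber, bsgc, cug_index)
    if resolved is None:
        return "REJECT"                     # barred already in MSC2
    setup_ic, setup_oa = resolved
    return cug_check_t(setup_ic, setup_oa, access_point, bsgc)


# Constructed sample records using the values quoted for Figure 5 (subscriber)
# and Figure 7 (access point); the keys are placeholders, not real identifiers.
SUBSCRIBER = CugRecord(
    key="IMSI-placeholder",
    services={
        "T11": ServiceEntry(frozenset({1, 3, 4}), 1, oa=True, ia=True),
        "T62": ServiceEntry(frozenset({1, 3, 4}), 1, oa=True, ia=True),
        "BA6": ServiceEntry(frozenset({2}), 2, oa=False, ia=True),
    },
    index_to_ic={1: 101, 2: 12, 3: 1, 4: 14},
)
# The PAD access point: BA6 only, one group (CUG IC 12), IA = F and OA = F.
ACCESS_POINT = CugRecord(
    key="ISDN-number-placeholder",
    services={"BA6": ServiceEntry(frozenset({1}), 1, oa=False, ia=False)},
    index_to_ic={1: 12},
)
# Constructed: a BA6 subscriber in another group (CUG IC 101) with outgoing access.
OUTSIDER = CugRecord(
    key="IMSI-outsider-placeholder",
    services={"BA6": ServiceEntry(frozenset({1}), 1, oa=True, ia=True)},
    index_to_ic={1: 101},
)
# Constructed: the same access point without the barring (IA = T), i.e. the
# Figure 3 situation where anyone dialling the PAD's call number is connected.
OPEN_ACCESS_POINT = CugRecord(
    key="ISDN-number-placeholder",
    services={"BA6": ServiceEntry(frozenset({1}), 1, oa=False, ia=True)},
    index_to_ic={1: 12},
)

if __name__ == "__main__":
    print(set_up_data_call(SUBSCRIBER, ACCESS_POINT, "BA6"))     # CUG_CALL
    print(set_up_data_call(OUTSIDER, ACCESS_POINT, "BA6"))       # REJECT
    print(set_up_data_call(OUTSIDER, OPEN_ACCESS_POINT, "BA6"))  # NORMAL_CALL
```

The third call shows why IA = F at the access point is the essential setting: with IA = T the outsider's call falls through steps N11 and N12 and is connected as a normal call.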
Figure 9 shows the authentication process of the resulting connection. Based on the authentication according to the mobile communications system between the mobile station and the mobile switching centre MSC2, the MSC2 trusts the identity given by the mobile station (step 11). Having checked the subscriber's right to use the closed user group defined in the call (step 12), MSC2 can be sure that the subscriber who made the request for a connection set-up belongs to the defined user group. Between the mobile switching centres MSC2 and MSC1 the connection uses such fixed lines between the exchanges which are considered reliable by both (step 13). Thus the MSC1 can be sure that the subscriber who made the request for a connection set-up belongs to the defined user group. MSC1 continues to set up the call to packet assembler/disassembler PAD only if, based on the access data of the packet assembler/disassembler, it finds that the packet assembler/disassembler belongs to the user group defined by the subscriber (step 14). The packet assembler/disassembler is connected to MSC1 in a dependable manner (step 15), so it can be sure that all calls set up all the way up to itself have come from subscribers who belong to the same user group as the packet assembler/disassembler and who are thus reliable. Within the data network the network elements trust one another (step 16), so the HOST server too can consider the MS user reliable.

In the examples presented in the foregoing only such situations were considered where the exchange is connected to the data network with the aid of a packet assembler/disassembler PAD. It is obvious, however, that in order to improve data security the invention may also be used in other data access techniques, of which a few examples are shown in Figure 1.

In the foregoing, the invention was described as applied to a GSM system, but the invention is not limited to this system. The invention can be used in the same manner in all mobile station networks, satellite networks, cordless systems, such as the DECT (Digital European Cordless Telephone), and trunking networks, such as the TETRA (Trans-European Trunked Radio). Nor need the telephone system necessarily be a circuit switched system as in the examples, but the invention may also be used for connecting packet switched systems, such as the GPRS (General Packet Radio Service), to data networks. Another example of a non-circuit switched system, to which the invention can be applied, are systems utilising the ATM cell-switched forwarding method. The ATM is designed for use e.g. in the planned mobile communications systems of the third generation.

Nor is it essential for the basic inventive idea that a telephone system which is switched on to a data network is explicitly a mobile station network. When applying the invention to a mobile communications network, however, it is possible to make use of the existing authentication functions of the mobile communications system in order to verify the identity of the subscriber who wants to have a connection with the data network. However, the invention may be implemented in the same way also in the exchange of a fixed network by defining a closed user group including network users and a data network access point.
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Claims 

1. Method of improving the data security of a data service connected to a telephone network in a telephone system including subscribers, subscriber equipment and telephone exchanges, wherein the data service is connected to the telephone exchange by a data access, the call number of which is chosen by the subscriber when starting the data call, and in which system it is possible to form closed user groups, the inside calls of which are different as regards the way in which they are set up from calls made outside the user group and from calls received from outside the user group, whereby data concerning the user group is stored in the subscriber data of the subscribers belonging to the group,
characterized in that

a closed user group is formed which includes the data access and the users of the data service which it connects with the telephone system, and data indicating membership in the user group is added to the access data of the data access,

when starting a data call, the subscriber sends a request for set-up of a data call connection as a call of the closed user group, and if the subscriber has the right to calls within the user group:

the data call is routed to that telephone exchange which has a connected data access whose call number was chosen by the subscriber,

in the telephone exchange, the user group data of the call is compared with the access data of the data access,

such incoming calls are barred which come from outside the closed user group of the data service, and

such incoming calls to the data access are set up which are within the closed user group of the data service.

2. Method as defined in claim 1, characterized in that the telephone system is a mobile communications system including at least one mobile switching centre which has a direct data access to the data network.

3. Method as defined in claim 1, characterized in that the subscriber is defined as belonging to the closed user group of the data service by adding to the subscriber data an identifier (CUG IC) defining the closed user group unambiguously in the telephone network.

4. Method as defined in claim 3, characterized in that it is found that the subscriber is entitled to calls within the closed user group of the data service, if the subscriber's subscriber data shows that the subscriber belongs to the closed user group of the data service.

5. Method as defined in claim 1, characterized in that data is defined in the subscriber's subscriber data to show that when setting up data calls the closed user group of the data service is used as the default closed user group.

6. Method as defined in claim 5, characterized in that when setting up a data call, the data of the closed user group of the data service is used automatically as the user group data.

7. Method as defined in claim 1, characterized in that when relaying the subscriber's request for set-up of a data call, the subscriber equipment defines the closed user group of the data service for use in the call as the user group.

8. Method as defined in claim 1, characterized in that

the data access is defined as belonging to the closed user group of the data service by adding to its access data in the telephone system data on an identifier defining unambiguously the closed user group of the data service in the telephone network,

incoming calls outside the user group are barred by adding to the access data data on barring of incoming calls coming from outside the closed user group, and

calls within the user group are permitted by adding to the access data data on access for calls within the user group.

9. Method as defined in claim 8, characterized in that in the telephone exchange having a data access connected to it whose call number the subscriber has chosen, a check is made to find out from the user group data added to the access data of the data access whether the data access belongs to the user group to use in the incoming data call,

set-up of the call is barred, if the data access does not belong to the user group to be used in the data call, and

a call is set up to the data access, if the data access belongs to the user group to be used in the data call.
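The exchange-side check of claims 1, 8 and 9 (subscriber membership, access data carrying the CUG identifier and barring flags, and the comparison at call set-up), as an added Python simulation that is not part of the patent. The class names, field layout, call numbers and the group identifier "DDA1" are constructed assumptions for illustration.

```python
# Constructed simulation of the closed-user-group (CUG) check from claims 1, 8 and 9.
# Names, data layout and sample values are assumptions for illustration only.
from dataclasses import dataclass, field
from typing import Optional, Set

@dataclass
class Subscriber:
    number: str
    cug_ics: Set[str] = field(default_factory=set)  # CUG identifiers in subscriber data (claim 3)
    default_cug: Optional[str] = None               # default CUG for data calls (claim 5)

@dataclass
class DataAccess:
    call_number: str
    cug_ic: Optional[str] = None            # CUG identifier in the access data (claim 8)
    bar_incoming_outside_cug: bool = True   # barring of incoming calls from outside the group
    allow_incoming_within_cug: bool = True  # access for calls within the group

class Exchange:
    def __init__(self, accesses):
        # the exchange that has the data accesses connected to it, keyed by call number
        self.accesses = {a.call_number: a for a in accesses}

    def setup_data_call(self, sub, called_number, cug_ic=None):
        """Return (outcome, reason). cug_ic is the group chosen by the subscriber
        equipment (claim 7); otherwise the subscriber's default group is used (claim 6)."""
        access = self.accesses.get(called_number)
        if access is None:
            return "rejected", "no data access with this call number"
        group = cug_ic or sub.default_cug
        if group is None:  # not a CUG call at all
            if access.bar_incoming_outside_cug:
                return "barred", "data access accepts only calls from its closed user group"
            return "connected", "ordinary data call"
        if group not in sub.cug_ics:  # claim 4: subscriber must be entitled to the group
            return "rejected", "subscriber is not a member of the requested closed user group"
        if access.cug_ic != group:  # claim 9: access does not belong to the call's group
            if access.bar_incoming_outside_cug:
                return "barred", "call comes from outside the closed user group of the data access"
            return "connected", "data call outside the group; the access does not bar it"
        if not access.allow_incoming_within_cug:
            return "barred", "calls within the group are not permitted for this access"
        return "connected", "data call within the closed user group of the data service"

# Constructed sample: access "5551" belongs to CUG "DDA1", access "5552" is an ordinary
# unrestricted access; only subscriber A is a member of "DDA1".
EXCHANGE = Exchange([DataAccess("5551", cug_ic="DDA1"),
                     DataAccess("5552", bar_incoming_outside_cug=False)])
SUB_A = Subscriber("100", {"DDA1"}, default_cug="DDA1")
SUB_B = Subscriber("200")
```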

10. Method as defined in claim 1, characterized in that the data access is a matching unit of an ATM network.

11. Method as defined in claim 1, characterized in that the data access is a packet assembler/disassembler PAD.

12. Method as defined in claim 1, characterized in that the data access is a router of a local area network LAN.

13. Method as defined in claim 1, characterized in that the data access is a subscriber line allocated fixedly for use by the data network.

14. Method as defined in claim 1, characterized in that the data access is a packet handler.

15. Method as defined in claim 1, characterized in that the data access is an access router AR.

16. Method as defined in claim 1, characterized in that the data signal for use in the data call connection is in accordance with the CCITT V.110 specification.

17. Method as defined in claim 1, characterized in that the data signal for use in the data call connection is in accordance with the CCITT V.120 specification.

18. Method as defined in claim 1, characterized in that the data signal for use in the data call connection is in accordance with the CCITT V.24/V.28 specification.

19. Method as defined in claim 1, characterized in that the data signal for use in the data call connection is an analogue modem signal.